Vulnerability-Lookup

CVE-2018-0263 (GCVE-0-2018-0263)

Vulnerability from cvelistv5 – Published: 2018-06-07 12:00 – Updated: 2024-11-29 15:07

Summary

A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.

Severity ?

No CVSS data available.

CWE

CWE-16

Assigner

cisco

References

URL

Tags

	http://www.securityfocus.com/bid/104419	vdb-entryx_refsource_BID
	http://www.securitytracker.com/id/1041065	vdb-entryx_refsource_SECTRACK
	https://tools.cisco.com/security/center/content/C…	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	n/a	Cisco Meeting Server unknown	Affected: Cisco Meeting Server unknown

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:21:15.264Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104419",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104419"
          },
          {
            "name": "1041065",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041065"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-0263",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-29T14:37:55.207876Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-29T15:07:12.114Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Meeting Server unknown",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Cisco Meeting Server unknown"
            }
          ]
        }
      ],
      "datePublic": "2018-06-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-16",
              "description": "CWE-16",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-06-12T09:57:01.000Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "104419",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104419"
        },
        {
          "name": "1041065",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041065"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0263",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Cisco Meeting Server unknown",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Cisco Meeting Server unknown"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-16"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104419",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104419"
            },
            {
              "name": "1041065",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041065"
            },
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id",
              "refsource": "CONFIRM",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2018-0263",
    "datePublished": "2018-06-07T12:00:00.000Z",
    "dateReserved": "2017-11-27T00:00:00.000Z",
    "dateUpdated": "2024-11-29T15:07:12.114Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/104419\", \"name\": \"104419\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"http://www.securitytracker.com/id/1041065\", \"name\": \"1041065\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\", \"x_transferred\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T03:21:15.264Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-0263\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-11-29T14:37:55.207876Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-11-29T14:38:53.357Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"Cisco Meeting Server unknown\", \"versions\": [{\"status\": \"affected\", \"version\": \"Cisco Meeting Server unknown\"}]}], \"datePublic\": \"2018-06-07T00:00:00.000Z\", \"references\": [{\"url\": \"http://www.securityfocus.com/bid/104419\", \"name\": \"104419\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"http://www.securitytracker.com/id/1041065\", \"name\": \"1041065\", \"tags\": [\"vdb-entry\", \"x_refsource_SECTRACK\"]}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id\", \"tags\": [\"x_refsource_CONFIRM\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-16\", \"description\": \"CWE-16\"}]}], \"providerMetadata\": {\"orgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"shortName\": \"cisco\", \"dateUpdated\": \"2018-06-12T09:57:01.000Z\"}, \"x_legacyV4Record\": {\"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"Cisco Meeting Server unknown\"}]}, \"product_name\": \"Cisco Meeting Server unknown\"}]}, \"vendor_name\": \"n/a\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"http://www.securityfocus.com/bid/104419\", \"name\": \"104419\", \"refsource\": \"BID\"}, {\"url\": \"http://www.securitytracker.com/id/1041065\", \"name\": \"1041065\", \"refsource\": \"SECTRACK\"}, {\"url\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id\", \"name\": \"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id\", \"refsource\": \"CONFIRM\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-16\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-0263\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"psirt@cisco.com\"}}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2018-0263\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-11-29T15:07:12.114Z\", \"dateReserved\": \"2017-11-27T00:00:00.000Z\", \"assignerOrgId\": \"d1c1063e-7a18-46af-9102-31f8928bc633\", \"datePublished\": \"2018-06-07T12:00:00.000Z\", \"assignerShortName\": \"cisco\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2018-AVI-270

Vulnerability from certfr_avis - Published: 2018-06-07 - Updated: 2018-06-07

De multiples vulnérabilités ont été découvertes dans les produits Cisco. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Cisco	N/A	Prime Collaboration Assurance
Cisco	N/A	MediaSense
Cisco	N/A	Prime Collaboration Provisioning
Cisco	IOS XE	Cisco IOS XE versions Fuji 16.7.1 ou Fuji 16.8.1 configurées pour utiliser l'authentification AAA
Cisco	N/A	Cisco Meeting Server (CMS) 2000 exécutant une version logicielle CMS antérieures à 2.2.13 ou 2.3.4.
Cisco	N/A	Unified Intelligence Center (UIC)
Cisco	N/A	Emergency Responder
Cisco	N/A	Hosted Collaboration Mediation Fulfillment
Cisco	N/A	Prime License Manager
Cisco	Unified Communications Manager	Unified Communications Manager (UCM)
Cisco	N/A	Virtualized Voice Browser
Cisco	Unified Communications Manager	Unified Communications Manager IM and Presence Service (IM&P)
Cisco	N/A	Cisco Network Services Orchestrator (NSO) versions 4.1 à 4.1.6.0, 4.2 à 4.2.4.0, 4.3 à 4.3.3.0 et 4.4 à 4.4.2.0
Cisco	N/A	SocialMiner
Cisco	N/A	Cisco AsyncOS avec une version 10.5.1, 10.5.2 ou 11.0.0 du logiciel WSA
Cisco	N/A	Cisco Prime Collaboration Provisioning (PCP) versions 12.2 et antérieures
Cisco	IP Phone	Cisco IP Phone series 6800, 7800 et 8800 avec un micorgiciel Multiplatform version antérieure à 11.1(2)
Cisco	N/A	Unified Contact Center Express (UCCx)
Cisco	N/A	Finesse
Cisco	Unity Connection	Unity Connection
Cisco	N/A	Unified Communication Manager Session Management Edition (SME)

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco cisco-sa-20180606-cms-id du 6 juin 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180606-prime-bypass du 6 juin 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180606-prime-password-recovery du 6 juin 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180606-multiplatform-sip du 6 juin 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180606-diskdos du 6 juin 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180606-asaftd du 6 juin 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180606-prime-sql du 6 juin 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180606-prime-access du 6 juin 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180606-aaa du 6 juin 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180606-wsa du 6 juin 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180606-prime-password-reset du 6 juin 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180606-nso du 6 juin 2018	None	vendor-advisory
Bulletin de sécurité Cisco cisco-sa-20180606-prime-rmi du 6 juin 2018	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Prime Collaboration Assurance",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "MediaSense",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Prime Collaboration Provisioning",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IOS XE versions Fuji 16.7.1 ou Fuji 16.8.1 configur\u00e9es pour utiliser l\u0027authentification AAA",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Meeting Server (CMS) 2000 ex\u00e9cutant une version logicielle CMS ant\u00e9rieures \u00e0 2.2.13 ou 2.3.4.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Intelligence Center (UIC)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Emergency Responder",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Hosted Collaboration Mediation Fulfillment",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Prime License Manager",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Communications Manager (UCM)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Virtualized Voice Browser",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Communications Manager IM and Presence Service (IM\u0026P)",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Network Services Orchestrator (NSO) versions 4.1 \u00e0 4.1.6.0, 4.2 \u00e0 4.2.4.0, 4.3 \u00e0 4.3.3.0 et 4.4 \u00e0 4.4.2.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "SocialMiner",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AsyncOS avec une version 10.5.1, 10.5.2 ou 11.0.0 du logiciel WSA",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Prime Collaboration Provisioning (PCP) versions 12.2 et ant\u00e9rieures",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco IP Phone series 6800, 7800 et 8800 avec un micorgiciel Multiplatform version ant\u00e9rieure \u00e0 11.1(2)",
      "product": {
        "name": "IP Phone",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Contact Center Express (UCCx)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Finesse",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unity Connection",
      "product": {
        "name": "Unity Connection",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Unified Communication Manager Session Management Edition (SME)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2018-0320",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0320"
    },
    {
      "name": "CVE-2018-0317",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0317"
    },
    {
      "name": "CVE-2018-0274",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0274"
    },
    {
      "name": "CVE-2018-0321",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0321"
    },
    {
      "name": "CVE-2018-0319",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0319"
    },
    {
      "name": "CVE-2017-6779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-6779"
    },
    {
      "name": "CVE-2018-0296",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0296"
    },
    {
      "name": "CVE-2018-0318",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0318"
    },
    {
      "name": "CVE-2018-0263",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0263"
    },
    {
      "name": "CVE-2018-0316",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0316"
    },
    {
      "name": "CVE-2018-0315",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0315"
    },
    {
      "name": "CVE-2018-0322",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0322"
    },
    {
      "name": "CVE-2018-0353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-0353"
    }
  ],
  "initial_release_date": "2018-06-07T00:00:00",
  "last_revision_date": "2018-06-07T00:00:00",
  "links": [],
  "reference": "CERTFR-2018-AVI-270",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2018-06-07T00:00:00.000000"
    },
    {
      "description": "Version initiale",
      "revision_date": "2018-06-07T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-cms-id du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-bypass du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-bypass"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-password-recovery du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-recovery"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-multiplatform-sip du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-multiplatform-sip"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-diskdos du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-asaftd du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-asaftd"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-sql du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-sql"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-access du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-access"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-aaa du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-aaa"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-wsa du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-wsa"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-password-reset du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-password-reset"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-nso du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-nso"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-20180606-prime-rmi du 6 juin 2018",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-prime-rmi"
    }
  ]
}

GHSA-4MH9-2PMQ-746J

Vulnerability from github – Published: 2022-05-13 01:17 – Updated: 2022-05-13 01:17

Details

Severity ?

7.4 (High)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0263"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1188"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-07T12:29:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.",
  "id": "GHSA-4mh9-2pmq-746j",
  "modified": "2022-05-13T01:17:37Z",
  "published": "2022-05-13T01:17:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0263"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104419"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1041065"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2018-0263

Vulnerability from fkie_nvd - Published: 2018-06-07 12:29 - Updated: 2024-11-21 03:37

Severity ?

7.4 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Summary

References

URL	Tags
psirt@cisco.com	http://www.securityfocus.com/bid/104419	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1041065	Third Party Advisory, VDB Entry
psirt@cisco.com	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/104419	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1041065	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id	Vendor Advisory

Impacted products

	Vendor	Product	Version
	cisco	meeting_server	*
	cisco	meeting_server	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED10E3C-5B05-406F-8BB7-E59A97599482",
              "versionEndExcluding": "2.2.13",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:meeting_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEE9AB1F-B540-4DED-8C69-AD3509B5D58D",
              "versionEndExcluding": "2.3.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en Cisco Meeting Server (CMS) podr\u00eda permitir que un atacante adyacente no autenticado acceda a servicios que se ejecutan en interfaces internas del dispositivo en un sistema afectado. La vulnerabilidad se debe a la configuraci\u00f3n por defecto incorrecta del dispositivo, que puede exponer interfaces internas y puertos en la interfaz externa del sistema. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante obtenga acceso no autenticado a archivos de configuraci\u00f3n y base de datos, as\u00ed como a informaci\u00f3n sensible de reuniones en un sistema afectado. Esta vulnerabilidad afecta a las plataformas Cisco Meeting Server (CMS) 2000 que ejecutan una versi\u00f3n de CMS Software anterior a la 2.2.13 o la 2.3.4. Cisco Bug IDs: CSCvg76471."
    }
  ],
  "id": "CVE-2018-0263",
  "lastModified": "2024-11-21T03:37:50.433",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-07T12:29:00.307",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104419"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041065"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104419"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041065"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-16"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1188"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2018-0263

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-0263

Aliases

CVE-2018-0263

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0263",
    "description": "A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.",
    "id": "GSD-2018-0263"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0263"
      ],
      "details": "A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471.",
      "id": "GSD-2018-0263",
      "modified": "2023-12-13T01:22:24.854288Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2018-0263",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco Meeting Server unknown",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Cisco Meeting Server unknown"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-16"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "104419",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/104419"
          },
          {
            "name": "1041065",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1041065"
          },
          {
            "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id",
            "refsource": "CONFIRM",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.13",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:cisco:meeting_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.3.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2018-0263"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A vulnerability in Cisco Meeting Server (CMS) could allow an unauthenticated, adjacent attacker to access services running on internal device interfaces of an affected system. The vulnerability is due to incorrect default configuration of the device, which can expose internal interfaces and ports on the external interface of the system. A successful exploit could allow the attacker to gain unauthenticated access to configuration and database files and sensitive meeting information on an affected system. This vulnerability affects Cisco Meeting Server (CMS) 2000 Platforms that are running a CMS Software release prior to Release 2.2.13 or Release 2.3.4. Cisco Bug IDs: CSCvg76471."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-1188"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id"
            },
            {
              "name": "104419",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/104419"
            },
            {
              "name": "1041065",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1041065"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2020-09-04T15:53Z",
      "publishedDate": "2018-06-07T12:29Z"
    }
  }
}

CNVD-2018-11316

Vulnerability from cnvd - Published: 2018-06-12

Title

Cisco Meeting Server 2000 Platforms Meeting Server Software配置错误漏洞

Description

Cisco Meeting Server（CMS）2000 Platforms是美国思科（Cisco）公司的一套视频会议解决方案。Meeting Server（CMS）Software是运行在其中的一套视频会议软件。 Cisco CMS 2000 Platforms中的CMS Software中存在配置错误漏洞，该漏洞源于未能正确的默认配置，内部接口和端口会暴露在系统的外部接口上。攻击者可利用该漏洞获取配置和数据文件及敏感会议信息的访问权限。

Severity

中

Patch Name

Cisco Meeting Server 2000 Platforms Meeting Server Software配置错误漏洞的补丁

Patch Description

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id

Reference

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id

Impacted products

Name
['Cisco Meeting Server 2.2', 'Cisco Meeting Server 2.2.1', 'Cisco Meeting Server 2.3', 'Cisco Meeting Server 2.2.10', 'Cisco Meeting Server 2.2.11', 'Cisco Meeting Server 2.2.12', 'Cisco Meeting Server 2.3.1', 'Cisco Meeting Server 2.3.3']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "104419"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0263"
    }
  },
  "description": "Cisco Meeting Server\uff08CMS\uff092000 Platforms\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002Meeting Server\uff08CMS\uff09Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u89c6\u9891\u4f1a\u8bae\u8f6f\u4ef6\u3002\r\n\r\nCisco CMS 2000 Platforms\u4e2d\u7684CMS Software\u4e2d\u5b58\u5728\u914d\u7f6e\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u6b63\u786e\u7684\u9ed8\u8ba4\u914d\u7f6e\uff0c\u5185\u90e8\u63a5\u53e3\u548c\u7aef\u53e3\u4f1a\u66b4\u9732\u5728\u7cfb\u7edf\u7684\u5916\u90e8\u63a5\u53e3\u4e0a\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u914d\u7f6e\u548c\u6570\u636e\u6587\u4ef6\u53ca\u654f\u611f\u4f1a\u8bae\u4fe1\u606f\u7684\u8bbf\u95ee\u6743\u9650\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-11316",
  "openTime": "2018-06-12",
  "patchDescription": "Cisco Meeting Server\uff08CMS\uff092000 Platforms\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4e00\u5957\u89c6\u9891\u4f1a\u8bae\u89e3\u51b3\u65b9\u6848\u3002Meeting Server\uff08CMS\uff09Software\u662f\u8fd0\u884c\u5728\u5176\u4e2d\u7684\u4e00\u5957\u89c6\u9891\u4f1a\u8bae\u8f6f\u4ef6\u3002\r\n\r\nCisco CMS 2000 Platforms\u4e2d\u7684CMS Software\u4e2d\u5b58\u5728\u914d\u7f6e\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u6b63\u786e\u7684\u9ed8\u8ba4\u914d\u7f6e\uff0c\u5185\u90e8\u63a5\u53e3\u548c\u7aef\u53e3\u4f1a\u66b4\u9732\u5728\u7cfb\u7edf\u7684\u5916\u90e8\u63a5\u53e3\u4e0a\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u914d\u7f6e\u548c\u6570\u636e\u6587\u4ef6\u53ca\u654f\u611f\u4f1a\u8bae\u4fe1\u606f\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Meeting Server 2000 Platforms Meeting Server Software\u914d\u7f6e\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Meeting Server 2.2",
      "Cisco Meeting Server 2.2.1",
      "Cisco Meeting Server 2.3",
      "Cisco Meeting Server 2.2.10",
      "Cisco Meeting Server 2.2.11",
      "Cisco Meeting Server 2.2.12",
      "Cisco Meeting Server 2.3.1",
      "Cisco Meeting Server 2.3.3"
    ]
  },
  "referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cms-id",
  "serverity": "\u4e2d",
  "submitTime": "2018-06-07",
  "title": "Cisco Meeting Server 2000 Platforms Meeting Server Software\u914d\u7f6e\u9519\u8bef\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-0263 (GCVE-0-2018-0263)

CERTFR-2018-AVI-270

Solution

GHSA-4MH9-2PMQ-746J

FKIE_CVE-2018-0263

GSD-2018-0263

CNVD-2018-11316

Tags

Sightings

Nomenclature